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AMENDMENTS 

Tn the Claims 

Claims 33-36 and 71-75 were previously canceled. 

Please cancel claims 8 and 9 without prejudice. 

Please amend claims 1, 10-14, 20, 45, and 55-58 as shown below. 

Claims 1-7, 10-32, and 37-70 are pending and are listed following: 

1. (currently amended) A network system, comprising: 
a first device to maintain an original resource; 

a second device to maintain a replica resource remotely from the first 
device, the replica resource being replicated from the original resource; 

memory to store a cached descriptor corresponding to the original resource; 
a security component to determine whether the replica resource will pose a 
security risk to the second device upon receipt of a request for the replica resource, 
wherein the request designates a resource locator , the security component: 

bein g configured to determine whether the request will pose _a 
securit y risk to the second device: 

formulating a descriptor corresponding to the replica resource and 
comparing the formulated descriptor with the cached descriptor; and 

if the formulated descriptor and the cached descriptor are not 
equivalent, formulating a second descriptor corresponding to the original 
resource and comparing the formulated descriptor with the second 
descriptor. 
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2. (original) A network system as recited in claim 1, wherein the 
security component determines that the replica resource is not a security risk if the 
formulated descriptor and the cached descriptor are equivalent. 

3. (original) A network system as recited in claim 1, wherein, if the 
formulated descriptor and the cached descriptor are not equivalent, and if the 
formulated descriptor and the second descriptor are equivalent, the security 
component determines that the replica resource is not a security risk. 

4. (original) A network system as recited in claim 1 > wherein, if the 
formulated descriptor and the cached descriptor are not equivalent, and if the 
formulated descriptor and the second descriptor are equivalent, the security 
component determines that the replica resource is not a security risk, and the 
cached descriptor is replaced with the second descriptor. 

5. (original) A network system as recited in claim 1 , wherein, if the 
formulated descriptor and the cached descriptor are not equivalent, and if the 
formulated descriptor and the second descriptor are not equivalent, the security 
component determines that the replica resource is a security risk, and the replica 
resource is replaced with a copy of the original resource. 
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6, (original) A network system as recited in claim 1 , wherein, if the 
formulated descriptor and the cached descriptor are not equivalent, and if the 
formulated descriptor and the second descriptor axe not equivalent, the security 
component determines that the replica resource is a security risk, the replica 
resource is replaced with a copy of the original resource, and the cached descriptor 
is replaced with the second descriptor. 

7. (original) A network system as recited in claim 1, wherein the 
security component formulates the cached descriptor when the original resource is 
replicated to create the replica resource. 

8-9. (canceled). 

10. (currently amended) A network system as recited in claim 8 
claim 1 . wherein the request further designates [[a]] the resource locator having a 
resource path, the resource path identifying a location of the replica resource, and 
wherein the security component determines that the request is not a security risk if 
the resource path does not exceed a maximum number of characters. 
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11. (currently amended) A network system as recited in <to-S 
C l aim i , wherein the request forte designates [[a]] the resource locator having a 



plurality of arguments, and wherein the security component determines that the 
request is not a security risk if individual arguments do not exceed a maximum 
number of characters, and if a total number of characters defining all of the 
arguments do not exceed a maximum number of characters. 

12. (currently amended) A network system as recited in claim 8 
claim 1, wherein the request further designates [[a]] fee resource locator having a 
resource identifier, and wherein the security component determines that the 
request is not a security risk if the resource identifier has a valid file extension. 
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13. (currently amended) A network system as recited in claim 1, 
wherein: 

the request further designates [[a]] the resource locator having a resource 
path and one or more arguments, the resource path identifying a location of the 
replica resource and the resource path having a resource identifier; 

ll i u jc m iil y uum po Timt i n u oufigurod to rt ntmuiiiit whether tho request will 
poGO a ooourity rialc to tho occond device; 

the security component determines that the request is not a security risk if: 
the resource path does not exceed a maximum number of characters; 
individual arguments do not exceed a maximum number of 
characters; 

a total number of characters defining all of the arguments do not 
exceed a maximum number of characters; and 

the resource identifier has a valid file extension. 

14. (currently amended) A network server, comprising: 
a server component to receive a request for a resource maintained on the 
network server and, in response to the request, implement security policies to 
prevent unauthorized access to the resource; and 

a security component that is registerable with the server component during 
run-time to determine whether the request will pose a security risk to the network 
Reive r, the request post n p the security risk if the resource ha s been corrupted and if 
execution of the resource will compromis e the network server. 
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15. (original) A network server as recited in claim 14, wherein, if the 
security component determines that the request will pose a security risk, the 
security component redirects the request to indicate that the resource is not 
available. 

16. (original) A network server as recited in claim 14, wherein the 
request designates a resource locator having a resource path, the resource path 
identifying a location of the resource, and wherein the security component 
determines that the request is not a security risk if the resource path does not 
exceed a maximum number of characters. 

17. (original) A network server as recited in claim 14, wherein the 
request designates a resource locator having a plurality of arguments, and wherein 
flie security component determines that the request is not a security risk if 
individual arguments do not exceed a maximum number of characters, and if a 
total number of characters defining all of the arguments do not exceed a maximum 
number of characters. 

18. (original) A network server as recited in claim 14, wherein the 
request designates a resource locator having a resource identifier, and wherein the 
security component determines that the request is not a security risk if the resource 
identifier has a valid file extension. 
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19. (original) A network server as recited in claim 14, wherein: 
the request designates a resource locator having a resource path and one or 
more arguments, the resource path identifying a location of the resource and the 
resource path having a resource identifier; 

the security component determines that the request is not a security risk if: 
the resource path does not exceed a maximum number of characters; 
individual arguments do not exceed a maximum number of 
characters; 

a total number of characters defining all of the arguments do not 
exceed a maximum number of characters; and 

the resource identifier has a valid file extension. 

20, (currently amended) A network server system, comprising: 
a server component in a network server to receive a request for a resource 
maintained on the network ih* request designating a resource locator 

having a resource path that identifies a lo cation of the resource, and, in response to 
the request, implement security policies to prevent unauthorized access to the 
resource; and 

a security component in a computing device remote to the network server 
and registerable with the server component during run-time to determine whether 
the resource will pose a security risk to the network server upon receipt of the 
request. 
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21. (previously presented) A network server system as recited in 
claim 20, wherein, if the security component determines that the resource will 
pose a security risk, the security component redirects the request to indicate that 
the resource is not available. 

22. (previously presented) A network server system as recited in 
claim 20, wherein the security component: 

formulates a descriptor corresponding to the resource; 
compares the formulated descriptor with a cached descriptor, the cached 
descriptor corresponding to the resource and formulated when the resource is 

initially requested; and 

determines that the resource is not a security risk if the formulated 
descriptor and the cached descriptor are equivalent. 
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23. (previously presented) A network server system as recited in 
claim 20, wherein the security component: 

formulates a descriptor corresponding to the resource; 

compares the formulated descriptor with a cached descriptor, the cached 
descriptor corresponding to the resource and formulated when the resource is 
initially requested; 

if the formulated descriptor and the cached descriptor are not equivalent, 
formulates a second descriptor corresponding to an original resource maintained 
on a file server remotely located from the network server, the resource being 
replicated from the original resource; 

compares the formulated descriptor with the second descriptor; and 
determines that the resource is not a security risk if the formulated 
descriptor and the second descriptor are equivalent. 
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24, (previously presented) A network server system as recited in 
claim 20, wherein the security component: 

formulates a descriptor corresponding to the resource; 

compares the formulated descriptor with a cached descriptor, the cached 
descriptor corresponding to the resource and formulated when the resource is 
initially requested; 

if the formulated descriptor and the cached descriptor are not equivalent, 
formulates a second descriptor corresponding to an original resource maintained 
on a file server remotely located from the network server, the resource being 
replicated from the original resource; 

compares the formulated descriptor with the second descriptor; 

if the formulated descriptor and the second descriptor are not equivalent, 
initiates that the resource stored on the network server be replaced with a copy of 
the original resource maintained on the file server; and 

initiates that the cached descriptor be replaced with the second descriptor. 
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25. (previously presented) A network server, comprising: 
an Internet server to receive a request for a resource maintained on the 
network server and, in response to the request, implement security policies to 
prevent unauthorized access to the resource; 

a security component that is registerable with the Internet server during 
run-time s the security component having: 

a validation component to determine whether the request will pose a 
security risk to the network server by determining if a total number of 
characters defining all of the arguments of the request exceeds a maximum 
number of characters; and 

an integrity verification component to determine whether the 
resource will pose a security risk to the network server upon receipt of the 
request. 

26* (original) A network server as recited in claim 25, wherein the 
request designates a resource locator having a resource path, the resource path 
identifying a location of the resource, and wherein the validation component 
determines that the request is not a security risk if the resource path does not 
exceed a maximum number of characters. 



12 



MS1-722U5 MOZ 



PAGE 14/37 ' RCVD AT 3/412005 3:09:00 PM [Eastern Standard Time] ' SVR: USPTO-EFXRF-1/6 ' DNIS:8729306 ' CSfD:509 323 8979 * DURATION (mm-ss):09-04 



MfiR m 2SWb 12:31 FR LEE - HAYES PLL 599 323 8979 TO 1783S7293BS P. 15/37 



2 

3 

4 
5 
6 
7 
8 
9 

10 

11 

12 

13 

14 

15 

16 

17 

18 

19 

20 

21 

22 

23 

24 

25 



27. (previously presented) A network server as recited in claim 25, 
wherein the request designates a resource locator having a plurality of arguments, 
and wherein the validation component determines that the request is not a security 
risk if individual arguments do not exceed a maximum number of characters. 

28. (original) A network server as recited in claim 25, wherein the 
request designates a resource locator having a resource identifier, and wherein the 
validation component determines that the request is not a security risk if the 
resource identifier has a valid file extension. 

29. (previously presented) A network server as recited in claim 25, 
wherein: 

the request designates a resource locator having a resource path and one or 
more arguments, the resource path identifying a location of the resource and the 
resource path having a resource identifier; 

the validation component determines that the request is not a security risk 



if: 



the resource path does not exceed a maximum number of characters; 
individual arguments do not exceed a maximum number of 
characters; and 

the resource identifier has a valid file extension. 
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30. (original) A network server as recited in claim 25, wherein the 

integrity verification component: 

formulates a descriptor corresponding to the resource; 

compares the formulated descriptor with a cached descriptor, the cached 
descriptor corresponding to the resource and formulated when the resource is 

initially requested; and 

determines that the resource is not a security risk if the formulated 
descriptor and the cached descriptor are equivalent. 

31. (original) A network server as recited in claim 25, wherein the 
integrity verification component 

formulates a descriptor corresponding to the resource; 

compares the formulated descriptor with a cached descriptor, the cached 
descriptor corresponding to the resource and formulated when the resource is 
initially requested; 

if the formulated descriptor and the cached descriptor are not equivalent, 
formulates a second descriptor corresponding to an original resource maintained 
on a file server remotely located from the network server, the resource being 
replicated from the original resource; 

compares the formulated descriptor with the second descriptor, and 
determines that the resource is not a security risk if the formulated 
descriptor and the second descriptor are equivalent. 
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32. (original) A network server as recited in claim 25, wherein the 
integrity verification component: 

formulates a descriptor corresponding to the resource; 

compares the formulated descriptor with a cached descriptor, the cached 
descriptor corresponding to the resource and formulated when the resource is 
initially requested; 

if the formulated descriptor and the cached descriptor are not equivalent, 
formulates a second descriptor corresponding to an original resource maintained 
on a file server remotely located from the network seiver, the resource being 
replicated from the original resource; 

compares the formulated descriptor with the second descriptor; 

if the formulated descriptor and the second descriptor are not equivalent, 
initiates that the resource stored on the network server be replaced with a copy of 
the original resource maintained on the file server; and 

initiates that the cached descriptor be replaced with the second descriptor. 

33-36. canceled 
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37. (previously presented) One or more computer readable media 
containing a security application, comprising: 

a validation component to determine whether a request for a resource poses 
a security risk by determining if a total number of characters defining all of the 
arguments of the request exceeds a maximum number of characters; and 

an integrity verification component to determine whether the resource poses 
a security risk. 

38. (original) Computer readable media as recited in claim 37, 
wherein the request designates a resource locator having a resource path, the 
resource path identifying a location of the resource, and wherein the validation 
component determines that the request is not a security risk if the resource path 
does not exceed a maximum number of characters. 

39. (previously presented) Computer readable media as recited in 
claim 37, wherein the request designates a resource locator having a plurality of 
arguments, and wherein the validation component determines that the request is 
not a security risk if individual arguments do not exceed a maximum number of 
characters. 
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40. (original) Computer readable media as recited in claim 37, 
wherein the request designates a resource locator having a resource identifier, and 
wherein the validation component determines that the request is not a security risk 
if the resource identifier has a valid file extension. 

41. (previously presented) Computer readable media as recited in 
claim 37, wherein: 

the request designates a resource locator having a resource path and one or 
more arguments, the resource path identifying a location of the resource and the 
resource path having a resource identifier; 

the validation component determines that the request is not a security risk 



if: 



the resource path does not exceed a maximum number of characters; 
individual arguments do not exceed a maximum number of 

characters; and 

the resource identifier has a valid file extension. 
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42. (original) Computer readable media as recited in claim 37, 
wherein the integrity verification component: 

formulates a descriptor corresponding to the resource when the security 

application receives the request; 

compares the formulated descriptor with a cached descriptor, the cached 
descriptor corresponding to the resource and formulated when the resource is 

initially requested; and 

determines that the resource is not a security risk if the formulated 
descriptor and the cached descriptor are equivalent. 

43. (original) Computer readable media as recited in claim 37, 
wherein the integrity verification component: 

formulates a descriptor corresponding to the resource when the security 
application receives the request; 

compares the formulated descriptor with a cached descriptor, the cached 
descriptor corresponding to the resource and formulated when the resource is 
initially requested; 

if the formulated descriptor and the cached descriptor are not equivalent, 
formulates a second descriptor corresponding to an original resource remotely 
located, the resource being replicated from the original resource; 

compares the formulated descriptor with the second descriptor; and 
determines that the resource is not a security risk if the formulated 
descriptor and the second descriptor are equivalent. 



18 



MSI-722US M03 



lee&hayes 

PAGE 20/37 ' RCVDAT 3/4/2005 3:09:00 PM [Eastern Standard Time] 1 SVR:USPTO-EFXRf -1/6 1 DNIS:8729306 1 CSID:509 323 8979 s DURATION (mm-ss):09-U 



MRR Q4 20Q5 12:32 FR LEE - HAYES PLL 503 323 8979 TO 17038729305. P. 21/37 



8 
9 
10 
11 
12 
13 
14 
15 
16 

17 

18 
19 
20 
21 
22 
23 
24 
25 



44. (original) Computer readable media as recited in claim 37, 
wherein the integrity verification component: 

formulates a descriptor corresponding to the resource when the security 

application receives the request; 

compares the formulated descriptor with a cached descriptor, the cached 
descriptor corresponding to the resource and formulated when the resource is 
initially requested; 

if the formulated descriptor and the cached descriptor are not equivalent, 
formulates a second descriptor corresponding to an original resource remotely 
located, the resource being replicated from the original resource; 

compares the formulated descriptor with the second descriptor, 

if the formulated descriptor and the second descriptor are not equivalent, 
initiates that the resource be replaced with a copy of the original resource; and 

initiates that the cached descriptor be replaced with the second descriptor. 
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45, (currently amended) A method, comprising: 
receiving a request for a replica resource stored on a computing devicejhe 
r^«t desistin g * r^irce locator haw a resource path identifying a location 

of the replica resource ; 

formulating a descriptor corresponding to the replica resource; 

comparing the formulated descriptor with a cached descriptor 
corresponding to an original resource stored on a second computing device 
remotely located fft>m the computing device, the replica resource being replicated 
from the original resource; 

determining that the replica resource does not pose a security risk if the 
formulated descriptor and the cached descriptor are equivalent; 

if the formulated descriptor and the cached descriptor are not equivalent, 
formulating a second descriptor corresponding to the original resource; 

comparing the formulated descriptor with the second descriptor; and 

determining that the replica resource does not pose a security risk if the 
formulated descriptor and the second descriptor are equivalent. 

46. (original) A method as recited in claim 45, further comprising 
allowing the request if said determining that the replica resource does not pose a 
security risk to the computing device. 

47. (original) A method as recited in claim 45, further comprising 
redirecting the request to indicate that the replica resource is not available if 
determining that the replica resource poses a security risk to the computing device. 
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48. (original) A method as recited in claim 45, further comprising 
replacing the cached descriptor with the second descriptor if the formulated 
descriptor and the second descriptor are equivalent. 

49. (original) A method as recited in claim 45, further comprising 
replacing the replica resource with a copy of the original resource if the 
formulated descriptor and the cached descriptor are not equivalent, and if the 
formulated descriptor and the second descriptor are not equivalent 

50. (original) A method as recited in claim 45, further comprising 
replacing the cached descriptor with the second descriptor if the formulated 
descriptor and the cached descriptor are not equivalent, and if the formulated 
descriptor and the second descriptor are not equivalent. 

51. (original) A method as recited in claim 45, further comprising 
formulating the cached descriptor when the original resource is replicated to create 
the replica resource. 

52. (original) A method as recited in claim 45, further comprising 
formulating the cached descriptor when the replica resource is initially requested 

53. (original) A method as recited in claim 45, further comprising 
determining whether the request will pose a security risk. 
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54. (original) A method as recited in claim 45, farther comprising; 
determining whether the request will pose a security risk; and 
redirecting the request to indicate that the replica resource is not available if 

determining that the request poses a security risk to the computing device. 

55. (currently amended) A method as recited in claim 45, where i n 
t ho r c qu oi t d nic n ntn n t™*""" w ^ n resource path, the resource p nth 
identifying o location of the r o plioa rcsou i oo, and the method further comprising 
determining that the request does not pose a security risk if the resource path does 
not exceed a maximum number of characters. 

56* (currently amended) A method as recited in claim 45, wherein 
the request farther designates [[a]] die resource locator having a plurality of 
arguments, and the method further comprising determining that the request does 
not pose a security risk if individual arguments do not exceed a maximum number 
of characters, and if a total number of characters defining all of the arguments do 
not exceed a maximum number of characters. 

57. (currently amended) A method as recited in claim 45, wherein 
the request further designates [[a]] the resource locatpr having a resource 
identifier, and the method further comprising determining that the request does not 
pose a security risk if the resource identifier has a valid file extension. 
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58. (currently amended) A method as recited in claim 45, 
wherein: 

the request further designates [[a]] the resource locator having a resource 
path and one or more arguments, the resource path identifying a location of the 
replica resource and the resource path having a resource identifier; 

the method further comprising determining that the request does not pose a 

security risk if: 

the resource path does not exceed a maximum number of characters; 
individual arguments do not exceed a maximum number of 
characters; 

a total number of characters defining all of the arguments do not 
exceed a maximum number of characters; and 

the resource identifier has a valid file extension. 

59. (original) A computer-readable medium comprising computer 
executable instructions that, when executed, direct a computing system to perform 
the method of claim 45. 

60. (original) A computer-readable medium comprising computer 
executable instructions that, when executed, direct a computing system to perform 
the method of claim 58. 
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61. (previously presented) A method, comprising: 
receiving a request for a resource; 

implementing security policies to prevent unauthorized access to the 
resource; 

determining whether the request will pose a security risk by determining if 
a total number of characters defining all of the arguments of the request exceeds a 
maximum number of characters; and 

determining whether the resource will pose a security risk if allowing the 

request. 

62. (original) A method as recited in claim 61, further comprising 
allowing the request for the resource if determining that the request does not pose 
a security risk and if determining that the resource does not pose a security risk. 

63. (original) A method as recited in claim 61, wherein the request 
designates a resource locator having a resource path, the resource path identifying 
a location of the resource, and the method further comprising determining that the 
request does not pose a security risk if the resource path does not exceed a 
maximum number of characters. 
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64. (previously presented) A method as recited in claim 61, wherein 
the request designates a resource locator having a plurality of arguments, and the 
method further comprising determining that the request does not pose a security 
risk if individual arguments do not exceed a maximum number of characters. 

65. (original) A method as recited in claim 61 , wherein the request 
designates a resource locator having a resource identifier, and the method further 
comprising determining that the request does not pose a security risk if the 
resource identifier has a valid file extension. 

66. (original) A method as recited in claim 6 1 , farther comprising: 
formulating a descriptor corresponding to the resource; 

comparing the formulated descriptor with a cached descriptor 
corresponding to the resource and formulated when the resource is initially 
requested; and 

determining that the resource does not pose a security risk if the formulated 
descriptor and the cached descriptor are equivalent. 
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67, (original) A method as recited in claim 61 , further comprising: 

formulating a descriptor corresponding to the resource; 

comparing the formulated descriptor with a cached descriptor 
corresponding to the resource and formulated when the resource is initially 
requested; 

determining that the resource does not pose a security risk if the formulated 
descriptor and the cached descriptor are equivalent; 

if the formulated descriptor and the cached descriptor are not equivalent, 
formulating a second descriptor corresponding to an original resource remotely 
located, the resource replicated from the original source; 

comparing the formulated descriptor with the second descriptor; and 

determining that the resource does not pose a security risk if the formulated 
descriptor and the second descriptor are equivalent. 
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68. (original) A method as recited in claim 61, further comprising: 

formulating a descriptor corresponding to the resource; 

comparing the formulated descriptor with a cached descriptor 
corresponding to the resource and formulated when the resource is initially 
requested; 

determining that the resource does not pose a security risk if the formulated 
descriptor and the cached descriptor are equivalent; 

if the formulated descriptor and the cached descriptor are not equivalent, 
formulating a second descriptor corresponding to an original resource remotely 
located, the resource replicated from the original resource; 

comparing the formulated descriptor with the second descriptor; and 

determining that the resource does not pose a security risk if the formulated 
descriptor and the second descriptor are equivalent; 

if the formulated descriptor and the second descriptor are not equivalent, 
replacing the resource with a copy of the original resource and replacing the 
cached descriptor with the second descriptor, 

69. (original) A computer-readable medium comprising computer 
executable instructions that, when executed, direct a computing system to perform 
the method of claim 61 . 

7(h (original) A computer-readable medium comprising computer 
executable instructions that, when executed, direct a computing system to perform 
the method of claim 68. 
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